Redirect URL after email dialog not verified

As described in this vulnerability report, the redirect_url field that is used for sending the user back to where they came from, is not verified properly. This would allow attackers to use misc.php to redirect users to any URL on the internet.

It's sad that they decided to make this public without disclosing it to the developers first...